• Status: Solved

Problem with multihomed pc and vpn - local network access

I work for a law firm and we are starting to routinely set up shop in hotels for trials. What I thought I could do was create a mini LAN in the hotel conference room consisting of a switch with several laptops, a server, and a local network printer connected and use the laptop's dual network cards to connect to the Internet and the local network at the same time.

I have the local mini LAN configured with 10.10.10.x, 255.255.255.0, no gateway, and the server acts as DHCP for this range. I plug the wire into the switch, giving the laptop's NIC a 10.10.10.x address. Then I use the laptop's wireless NIC to get on the hotel's Internet connection.

All works well. I can access both the Internet and print until I connect to VPN. Once connected (we use Cisco's web-based AnyConnect), the VPN gets 192.168.200.x, 255.255.255.0, 192.168.200.1 addressing, but I am unable to connect to my 10.10.10.x LAN at all. I can even ping the printer. I assume that traffic is trying to go through my VPN and finds a dead end. VPN works great. I can access my corp LAN fine, ping servers, etc...

Surely I'm just missing some sort of routing here. Is there anything I can do?

Thanks
Asked by: Mark Lewis

davealford Commented:
It sounds like the VPN client software is configured to send ALL data through the VPN tunnel. You may need to disable that feature.

Mark Lewis (Author) Commented:
That just may be the case. I looked at the VPN config on the ASA and I do have it set to tunnel all networks. Seems as if I need to exclude the 10.10.10.x range, but I will need someone more Cisco fluent to do that. Thanks

Svet Paperov (IT Manager) Commented:
No, you don’t need to exclude the 10.10.10.x range.

The settings you need to look for are split-tunnelling and split-dns. They need to be enabled on Cisco ASA.

You can find the appropriate configuration through ASDM but in CLI it will be something like:

access-list LOCAL_splitTunnelACL standard permit 192.168.200.0 255.255.255.0 
group-policy SSL_VPN_Policy attributes
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value LOCAL_splitTunnelACL
   split-dns value your.local.domain

I hope this helps
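
An added illustration (not part of the original thread and not Cisco code) of why the printer is unreachable under a tunnel-all policy and reachable under `tunnelspecified`, plus a check for tunneled networks that collide with the mini LAN. The route model is a simplification; the host addresses and the `wifi`/`wired`/`vpn` labels are assumptions.

```python
import ipaddress

# Addressing from the thread; host addresses below are constructed samples.
LOCAL_LAN = ipaddress.ip_network("10.10.10.0/24")        # wired mini LAN
SPLIT_ACL = [ipaddress.ip_network("192.168.200.0/24")]   # LOCAL_splitTunnelACL
DEFAULT = ipaddress.ip_network("0.0.0.0/0")
DESTS = ["10.10.10.50", "192.168.200.10", "203.0.113.7"]  # printer, corp, Internet

def build_routes(policy, acl=()):
    """Simplified client route table as (network, interface) pairs."""
    if policy == "tunnelall":
        # Assumption: models the symptom in the question, where every
        # destination, including the wired LAN, is sent into the tunnel.
        return [(DEFAULT, "vpn")]
    routes = [(DEFAULT, "wifi"), (LOCAL_LAN, "wired")]
    if policy == "tunnelspecified":
        routes += [(net, "vpn") for net in acl]  # only listed networks tunnel
    elif policy != "disconnected":
        raise ValueError(f"unknown policy: {policy}")
    return routes

def egress(routes, dest):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def report(policy, acl=(), dests=DESTS):
    """Map each destination to the interface it would leave on."""
    routes = build_routes(policy, acl)
    return {d: egress(routes, d) for d in dests}

def conflicts(acl, local=LOCAL_LAN):
    """Tunneled networks that overlap the local LAN and need renumbering."""
    return [net for net in acl if net.overlaps(local)]

if __name__ == "__main__":
    for policy in ("disconnected", "tunnelall", "tunnelspecified"):
        print(policy, report(policy, SPLIT_ACL))
    print("overlaps with local LAN:", conflicts(SPLIT_ACL))
```

With `tunnelspecified`, everything not in the list, including the hotel Internet traffic, leaves the laptop outside the tunnel, so the list decides what the corporate side can inspect.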